Commit ae592801 authored by Howard Chu's avatar Howard Chu

Add callbacks for client TLS connection establishment:

LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG
with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg)
To be called whenever the client library allocates a new SSL* handle.
parent 99ee94a3
......@@ -134,6 +134,8 @@ LDAP_BEGIN_DECL
#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
#define LDAP_OPT_X_TLS_SSL_CTX 0x600a
#define LDAP_OPT_X_TLS_CRLCHECK 0x600b
#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c
#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
......
......@@ -241,6 +241,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl,
void *ctx, void *arg ));
LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
LDAPDN_rewrite_dummy *func, unsigned flags ));
LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
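Review bot: The new LDAP_TLS_CONNECT_CB typedef carries no comment saying what its `ssl` and `ctx` parameters are, when the library invokes it, or what its `int` return means, and since both are declared as `void *` rather than the OpenSSL types named in the commit message a reader of this header cannot tell. I would add a comment above the typedef stating that it is called each time the client library creates a new TLS handle for `ld`, that `ssl` and `ctx` are the underlying library's connection and context objects passed as `void *` to keep TLS-library types out of the public header, and what a non-zero return is expected to do. The return-value contract matters because the call sites in tls.c currently discard the result, so whichever meaning is chosen here should be enforced there.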
......
......@@ -170,6 +170,8 @@ struct ldapoptions {
#ifdef HAVE_TLS
int ldo_tls_mode;
LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb;
void* ldo_tls_connect_arg;
#endif
LDAPURLDesc *ldo_defludp;
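Review bot: `void* ldo_tls_connect_arg;` binds the `*` to the type rather than the declarator, unlike the neighbouring `LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb;` and `LDAPURLDesc *ldo_defludp;`; for consistency write `void *ldo_tls_connect_arg;`. A short comment on the pair would also help, e.g. `/* optional hook run after each SSL handle is created, and its opaque argument */`.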
......
......@@ -713,6 +713,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
struct ldapoptions *lo;
void *ctx = ld->ld_defconn
? ld->ld_defconn->lconn_tls_ctx : NULL;
......@@ -728,8 +729,15 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
if( ctx == NULL ) {
ctx = tls_def_ctx;
conn->lconn_tls_ctx = tls_def_ctx;
}
lo = &ld->ld_options;
if ( lo->ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
lo = LDAP_INT_GLOBAL_OPT();
if ( lo && lo->ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
}
err = SSL_connect( ssl );
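Review bot: The callback's `int` return is discarded at both invocations (`lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );`), so a hook that fails to configure the handle — for example one that could not install a client certificate or verification settings — cannot stop the handshake, and `SSL_connect` proceeds on a half-configured session. I would test the result and take the same failure path that a failed `SSL_connect` takes below the hunk, e.g. `if ( lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ) != 0 )` followed by that cleanup, for both the per-handle and the global call. Separately, if `ld->ld_options` is initialised as a copy of the global options (as the option handling elsewhere in the library suggests, though not visible here), a callback set only through the global options will run twice on every connection — once via `ld_options` and again via `LDAP_INT_GLOBAL_OPT()`; a guard such as `if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb != ld->ld_options.ldo_tls_connect_cb )` before the second call would avoid that. `ldap_int_tls_connect` begins before and ends after this hunk.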
......@@ -1201,6 +1209,12 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
*(void **)arg = retval;
break;
}
case LDAP_OPT_X_TLS_CONNECT_CB:
*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
break;
case LDAP_OPT_X_TLS_CONNECT_ARG:
*(void **)arg = lo->ldo_tls_connect_arg;
break;
default:
return -1;
}
......@@ -1253,6 +1267,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
ld->ld_defconn->lconn_tls_ctx = arg;
}
return 0;
case LDAP_OPT_X_TLS_CONNECT_CB:
lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
return 0;
case LDAP_OPT_X_TLS_CONNECT_ARG:
lo->ldo_tls_connect_arg = arg;
return 0;
}
if ( ld != NULL ) {
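Review bot: `lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;` converts a `void *` to a function pointer, which ISO C only conditionally supports; it works on the platforms this library targets and matches how the other pointer-valued options are passed through `void *arg`, but a one-line comment such as `/* void* -> function pointer: conditionally supported by ISO C, relied on throughout the option API */` would save the next reader a detour. The same cast in the opposite direction appears in the matching `ldap_pvt_tls_get_option` case. `ldap_pvt_tls_set_option` continues outside the hunk.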
......